This is the mail archive of the
cygwin-developers
mailing list for the Cygwin project.
Re: /home security problem
On 4 September 2010 09:19, Andy Koppe wrote:
>>> On 3 September 2010 03:04, Dave Korn wrote:
>>> > ÂWe could restructure the logic in /etc/profile to do something like
>>> >
>>> > Âif [ $HOME already exists ]
>>> > Â Âif [ $HOME owner uid != $user uid ]
>>> > Â Â Âissue warning and rename bogus home dir aside
>>> > Â Âfi
>>> > Âfi
>>> >
>>> > just before the current
>>> >
>>> > Âif [ $HOME doesn't exist ]
>>> > Â Âcopy it from /etc/skel, issuing the standard first-run message.
>>> > Âfi
>>> >
>>> > bit. Â(Sorry pseudocode only.)
>>>
>>> Good idea. I see bash has a built-in test for whether a file belongs
>>> to the current user (-O file), so this could probably be done without
>>> incurring another fork.
>
> On, second thoughts, the 'rename bogus home dir aside' bit won't work
> for ordinary users, because they don't have the right to do so. So
> perhaps have the 'SOMEONE ELSE OWNS YOUR HOME!' warning only?
Hmm, no, that's not good enough either. I've got my Cygwin home set to
my Windows home directory (C:\Users\Andy), and that's actually owned
by the SYSTEM account.
Andy